clean ebpf folder

build/agent.Dockerfile

@@ -3,12 +3,18 @@ FROM golang:1.22.1 AS ebpf-buildenv
 RUN apt-get update
 RUN apt-get install -y clang libelf-dev libbpf-dev
 
-COPY . /src/
 WORKDIR /src
 
+COPY go.mod go.sum ./
 RUN --mount=type=cache,target="/root/.cache/go-build" <<EOR
 set -ex
 go mod download
+EOR
+
+COPY . /src/
+
+RUN --mount=type=cache,target="/root/.cache/go-build" <<EOR
+set -ex
 go generate -tags ebpf ./ebpf/...
 EOR
 

src/ebpf/include/headers.h

@@ -0,0 +1,12 @@
+#ifdef TARGET_ARCH_amd64
+#include "vmlinux_x86_64.h"
+#endif
+
+#ifdef TARGET_ARCH_arm64
+#include "vmlinux_aarch64.h"
+#endif
+
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_endian.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_core_read.h>

src/ebpf/include/maps.h

@@ -0,0 +1,47 @@
+const __u32 MAX_SIZE = 4096;
+const __u32 MAX_ENTRIES_HASH = 4096;
+
+struct ssl_event_meta_t {
+    __u32 pid;
+    __u64 timestamp;
+    __u32 dataSize;
+};
+
+struct ssl_event_t {
+    struct ssl_event_meta_t meta;
+    __u8 data[MAX_SIZE];
+};
+
+struct ssl_context_t {
+    __u64 size;
+    __u64 buffer;
+};
+
+struct target_t {
+    _Bool enabled;
+};
+
+struct {
+    __uint(type, BPF_MAP_TYPE_HASH);
+    __uint(max_entries, 1024);
+    __type(key, __u64);
+    __type(value, struct ssl_context_t);
+} ssl_contexts SEC(".maps");
+
+struct {
+    __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+    __type(key, __u32);
+    __type(value, struct ssl_event_t);
+    __uint(max_entries, 1);
+} ssl_event SEC(".maps");
+
+struct {
+    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+} ssl_events SEC(".maps");
+
+struct {
+    __uint(type, BPF_MAP_TYPE_HASH);
+    __uint(max_entries, MAX_ENTRIES_HASH);
+    __type(key, __u32);
+    __type(value, struct target_t);
+} targets SEC(".maps");

src/ebpf/openssl/generate.go

@@ -2,4 +2,4 @@
 
 package openssl
 
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -target $GOARCH -cc clang -no-strip -cflags "-O2 -g -Wall" openssl ./openssl.ebpf.c -- -I.:/usr/include/bpf:/usr/include/linux -DTARGET_ARCH_$GOARCH
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -target $GOARCH -cc clang -no-strip -cflags "-O2 -g -Wall" openssl ./openssl.ebpf.c -- -I.:/usr/include/bpf:/usr/include/linux -I/src/ebpf/include -DTARGET_ARCH_$GOARCH

src/ebpf/openssl/openssl.ebpf.c

@@ -1,65 +1,7 @@
 //go:build ignore
 
-#ifdef TARGET_ARCH_amd64
-#include "vmlinux_x86_64.h"
-#endif
-
-#ifdef TARGET_ARCH_arm64
-#include "vmlinux_aarch64.h"
-#endif
-
-#include <bpf/bpf_tracing.h>
-#include <bpf/bpf_endian.h>
-#include <bpf/bpf_helpers.h>
-#include <bpf/bpf_core_read.h>
-
-const __u32 MAX_SIZE = 4096;
-const __u32 MAX_ENTRIES_HASH = 4096;
-
-struct ssl_event_meta_t {
-    __u32 pid;
-    __u64 timestamp;
-    __u32 dataSize;
-};
-
-struct ssl_event_t {
-    struct ssl_event_meta_t meta;
-    __u8 data[MAX_SIZE];
-};
-
-struct ssl_context_t {
-    __u64 size;
-    __u64 buffer;
-};
-
-struct target_t {
-    _Bool enabled;
-};
-
-struct {
-    __uint(type, BPF_MAP_TYPE_HASH);
-    __uint(max_entries, 1024);
-    __type(key, __u64);
-    __type(value, struct ssl_context_t);
-} ssl_contexts SEC(".maps");
-
-struct {
-    __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
-    __type(key, __u32);
-    __type(value, struct ssl_event_t);
-    __uint(max_entries, 1);
-} ssl_event SEC(".maps");
-
-struct {
-    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
-} ssl_events SEC(".maps");
-
-struct {
-    __uint(type, BPF_MAP_TYPE_HASH);
-    __uint(max_entries, MAX_ENTRIES_HASH);
-    __type(key, __u32);
-    __type(value, struct target_t);
-} targets SEC(".maps");
+#include "headers.h"
+#include "maps.h"
 
 int shouldTrace() {
     // gets the current (real) PID